by Anna Fifield
February 23, 2018
TOKYO — North Korea is quietly expanding both the scope and sophistication of its cyberweaponry, laying the groundwork for more devastating attacks, according to a report published Tuesday.
Kim Jong Un’s cyberwarriors have been accused of causing huge disruptions in recent years, including a massive hack on Sony Pictures in 2014 and last year’s WannaCry ransomware worm, as well as numerous attacks on South Korean servers.
Now, it appears that North Korea has also been using previously unknown holes in the Internet to carry out cyberespionage — the kind of activity that could easily metamorphose into full-scale attacks, according to a report from FireEye, a California-based cybersecurity company.
Although the North Korean regime bans the Internet for ordinary citizens and is decidedly behind the times with most technology, it has funneled a huge amount of time and money into building a cyber-army capable of outsmarting more technologically advanced countries such as South Korea.
“Our concern is that this could be used for a disruptive attack rather than a classic espionage mission, which we already know that the North Koreans are regularly carrying out,” said John Hultquist, director of intelligence analysis for FireEye.
FireEye said it has “high confidence” that a cyberespionage group it has identified as APT37 is responsible for a number of attacks, not just in South Korea but also in Japan, Vietnam and the Middle East. These include “zero-day vulnerability” attacks in which hackers find and exploit flaws in software before the developers have had an opportunity to create patches to fix them.